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1. Introduction 



Objective 

The objective of this functional specification document is to help describe the functional 
features of a product solution. 

2. Scope 

This document is intended to provide a high level description of the Web-Server functionality 
for the Anon Pro release. 7 

Product Overview 

This section describes the product from a high level perspective. 
Please include a diagram to help in the overview. 

3. Product Features 

This section lists a summarized listing of the features as listed in the business requirements 
document and or conceptual overview. 



ft 



4. Modules 

dere| S o e p C me n nt iStS * SUmmarized listing of the modules rec * uired for the Ar ™Pro Web-Server 



4.1. AnonPro Web Server Startup Wizard Support Script 
4.1.1. Overview 

This project will be a CGI script written in PERL. Its purpose is to interface with the AnonPro 
client application Startup Wizard Module. The AnonPro client will be making an HTTPS posts to 
this scrip when the Startup Wizard Module is called. This script will be required'to determine the 
action to take based upon an "action" parameter. The two defined actions are Key Validation 
and Account Creation. 

The script will return all results in XML format 




4.1.2. Key Validation 

When the AnonPro Web Server Startup Wizard Support Script receives an action parameter 
equal to "regval" it will perform Key Validation. 

The first step of key validation is reading in the registration key from the "regkey" parameter The 
script will reference the Anonymizer database to find out if this key exists in the registration key 
table. Existence in this table will determine that this is a valid registration key. If the key exists in 
the database the edition that is associated with it will be retrieved as well 



If this key has been previously used, it will lookup the public key that is associated with the 
registration key. It will then return the edition and public key to the client with the status of "used" 
If the key has not been previously used the script will generate a public key and store it in the 
database. It will then return the edition, public key, and a status of "new" 




Generate \^ No 
public key Jp* 



/Return new^X 
( public key, X 
V edition J > 



Chec k if key 
V has been used 



used 




4.1.3. Account Creation 

The account creation section will handle the creation, renewal, or reinstallation of the user's 
account. We will look at each of these scenarios separately. 

Account creation is performed when an unused key is passed in with a valid and available 
username and password. The user will be inserted into the necessary tables in order to allow the 
user to use the AnonPro service. 



Account renewal is performed when an unused key is passed in with the username and password 
of an existing user. The user's account is then updated to reflect the upgrade in service 
determined by the registration key. 

Account reinstallation is performed when the user is not creating a new account or 
upgrading/renewing an existing account, but is merely trying to activate an installation of the 
Anon Pro client. 




4.1.4. Script Input: 

Universal: 

Action = "regval" || "createacct" 
Regkey = <KEY> 



Action Dependent: 

Key Validation 
None 

Account Creation 

Uname = string 
Passwd = string 
Email = string 
Renew = 0 || 1 
Reinstall = 0 || 1 



4.1.5. Script Output: 

Key Validation: 

Keystatus = "invalid" || "used" || "new" 
Publickey = <Pubiic Key> 
Edition = string 

Account Creation: 

Account_status = "invalid^uname" |( "invalid_passwd" || "not authorized" II "not available" II 
success" ~ ii - ii 

uname = usemame 

Enc_passwd = encrypted password 

Suggestion Jist = 1 or more suggestions for username 



4.1.6. XML Format 

<root> 
<regval> 

<keystatus>invalid| |used| I new</keystatus> 
<publickey>public key generated by server</publickey> 
<edition>ProductType</edition> 

</regval> 

<createacct> 

<account_status>invalid_uname| I invalid_passwd | | not authorized) | not avai 
lible ~ ~ - 

I lsuccess</createacct> 
<suggestion_list> 

<suggestion>uname suggest ion</suggestion> 
< /suggest ion_list> 
<uname>user name </ uname > 
<enc_j>asswd>encrypted passwd</enc_passwd> 



</createacct> 

<error>invalid_action| lnone</error> 
</root> 



4.2. AnonPro Web-Server Logon/Authentication Module 

The AnonPro Web Server Login Script will handle user authentication for the AnonPro client The 
AnonPro client will make a silent HTTPS post to the Login Script. In this post the AnonPro client 
will pass in the username and password of the user to be authenticated. This script will 
determine the status of the user and set the necessary cookies in order for the user to be able to 
use the AnonPro service. The following paragraphs will outline the complete procedure. 

First the script checks to make sure the uname and passwd parameters have been passed in If 
they are not passed in, it checks for the existence of an APMeta-Auth cookie. The username and 
password would then be extracted from the APMeta-Auth cookie and the script would proceed as 
normal. In the event that the username and password are not passed in and there is no APMeta- 
Auth cookie, the script will return an "invalid" status and exit. 

The script then connects to the Anonymizer database and searches for a user with the given 
username and password. If a user is not found with the given information the script will return a 
status of "invalid". If the user is found, the script then checks to see if the user has an active 
AnonPro account. If the user does not have an AnonPro account or has an expired AnonPro 
account the script will return the status of "expired" (When the AnonPro client receives an 
expired" status it should open a browser window and proceed to the URL contained in the 
SignupJJRL registry entry.). If the user owns an account that is not expired for some other 
reason is not active, the script will return a status of "inactive". 

If it has been determined that the user has an active AnonPro account it will proceed in setting 
the necessary authorization ccokies.The authorization cookies that the Login Script will set are 
the APAuth cookie and the APMeta-Auth cookie. 

The APAuth cookie is what the AnonPro Proxy Servers will check in order to authenticate the 
user. It has a two hour lifetime. It contains the type of service of the user's account the 
encrypted username, the timestamp for expiration (epoch time), and a hash which verifies the 
authenticity of the cookie. 

The APMeta-Auth cookie is designed to allow the AnonPro Proxy servers the ability to redirect to 
the Login Script and receive authentication without interaction with the AnonPro client. The 
APMeta-Auth cookie contains the encrypted username and the uid (user id) of the user. 



4.2.1. APAuth Cookie 

<APAuth> 

<tos>type of service</tos> 

<uname>encrypted username</uname> 

<expires>unix timestamp for expiration</expires> 

<hash>hash of: secret string + tos + uname + expires + 
secret string</hash> 
</APAuth> 



4.2.2. APMeta-Auth Cookie 

<APMeta-Auth> 

<uname>encrypted uname</uname> 



<uid>user id</uid> 
</APMeta-Auth> 



5. System 

5.1. Platform 

This will need to run on Linux using Apache. 

5.2. Languages 

This portion is language independent. 

Reliability / Redundancy / Scalability 
Scalability 

This product only needs to be able to support the maximum number of connections we expect the 
client to initiate (1 machine only). 

Reliability / Redundancy 

Security 



Product Integration Interface 

This section describes the <product> interface functionality. 



Overview 

This section gives an overview of the interface components. 
API Integration 
3 rd Party Data mapping 

Common Components 
Overview 

The common components are those components that can be used by multiple systems. They 
represent those infrastructure components necessary to transmit a message from one queue 
(either client or server side) to another queue. 

Component 1 

Error Handling / Logging 

Error handling and logging are an important part to any system. 

Error Handling 

The SSL Server should behave similarly to any production web server with respect to how it 
handles its errors. 
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1 Introduction 



How to read this document 

Because this document is not yet finalized, you will also see some notes and comments 
interspersed with actual requirements. You can recognize comment text by its appearance in 
Times New Roman italicized font. This usually indicates some feedback is necessary from other 
departments or Project Stakeholders before the requirements can be completed. 



Objective 



The objective of this functional specification document is to help describe the functional 
features of a product solution. 

2 Scope 

This document is intended to provide a high level description of the SSL functionality for the 
Anon Pro release. 3 

3 Product Overview 

This section describes the product from a high level perspective. 
Please include a diagram to help in the overview. 

4 Product Features 

This section lists a summarized listing of the features as listed in the business requirements 
document and or conceptual overview. 

Full Time SSL 

Full time SSL will enable users of the client to connect securely to the proxy if they are using 
any of the http protocols such as http://www.vahoo.cnm or https://www.vahoo com We 
benefit in two ways from this module one we are able to provide a secure means of 
communication with our proxy so we don't introduce any more threats. Two we effectively 
implement a man in the middle attack allowing us to seamlessly filter the users content for 
them even if they are browsing secure sites. 

5 Modules 
Client Hooks 

The authors of the client code will need to provide hooks to redirect traffic to the client side 
Proxy Server (to be described next). That server will be a fully functional web proxy that will 
process the https connection using the SSL module. 



SSL Module 



This Module will be called by the client proxy server when it recieves an https 
connection.This can happen in two ways: 

1. HTTP request Full Time SSL (FTSSL) on. 



Browser 



Client 



request for http://www.foo.com 




Ishttps? No 




Forward request 
on ssl port 



Clear Text 



Ctient 
Proxy 
Server 



Proxy 



WWW 



Run thro ugh Filters, and add headers etc. 



6^ 



SSL Handshake 



SSl_Wrile 



^»SL_Read from dient side 



Decrypt 



Decrypt 



6^ 



forward dear text 



, Data back J_ 



r 



1 Requests made using SSL (HTTPS) 



Client 



Client 
Proxy 
Server 



Request is made dienlHello 
*1 



ServerHello 
■V 



Ishttps? Yes 



6^ 



ClientHello 



Proxy 



_ ServerHello 
<r — - -V 



Certificate 



Serve rOone 



Certificate 



Serve rDone 



Finish SSL handshake 



Send 



Data 



o<-- 



SSL_Read through 



Client's SSL_Read 



Search f or & possibly gen. site 

W 3 



SSL handshake 



Decrypt and filter 

! 

SSLJAJMe 



5*3 



WWW 



SSL handshake 



SSL Wite 



SSL_Read through Proxy's SSt^Read 



6 Architecture 

The Client hooks module will simply be a placeholder for calls and callbacks but the Client 
Proxy Server will need to be a fully functional server. This means that it will have to listen on 
Jwo ports for incoming secure as well as insecure connections and spawning a new thread to 

iE?5 B o i. C0 M neCt S „ When the Client is installed the User CA k eys must be generated 
also the Public User CA key needs to be installed in the browser preferably automatically but 
if this isn t possible we must provide instructions on how to do it manually. We will be using a 
universal s.te key to be signed by the User's Secret CA key to forge the authentication of the 
secure site. For security reasons we will spawn a background thread on startup to generate a 
new key and swap with the universal site key after it has been generated. 

This section will explain how we assume the identity of the secure server the browser wishes 
10 connect to. 



Is the 



Request 
made for 
secure 
site 



we 



Yes 



Is the 




Store cert in 
%HOME%\sites using the 

SHA-1 hashofthe 
requested site as the name 



Store certs private 
key in 
%HOME%\sites using 

SHA-1 hash of 
domains" private" as 
name 




Return the name 
of the cert for SSL 
to use in 
handshake 



Send cert 

in SSL 
Handshake 



When a request comes in for a secure site we must check to see if we have the site cert to 
return in the SSL handshake. We will check a table containing the file names of our disk 
cache located in HOME/sites where home is the registry entry for the program home To 
store the certificates we will use a SHA-1 hash of the sen/er they are representing If we 
cannot find the certificate in our cache we must generate one for that site using our universal 
site certificate and the User CA Secret Key. Once generated this will be stored in the cache in 
the same manner. 



After all of the above is completed we can finish the SSL handshake and begin the man in the 
middle attack. Essentially what we will be doing is decoding the SSL records on the client 
proxy server redirecting them through the filtering code and then doing an SSLJA/rite to the 
anonymizer proxy. A similar flow is used when reading data from the anonymizer proxy we do 
an SSL_Read giving us the clear text that was sent. Then send it though the filtering code 
Finally we will do an SSLJA/rite to the client, which will return it to the browser. 

The sequence of events on the Client proxy is as follows. The TCP hook has redirected the 
browser request to us, we call the regular socket accept and make a call to SSL .Initialize. 
The client proxy SSL handler will make calls to SSL_read/write instead of the standard recv 
and send calls. 




It is assumed the TCP 
Hook module 
redirected this request 
to the client proxy 



Client Proxy 



; browser initiates secure connection to some ate foo.com 



Anonymizer 



Browser writes data over SSL Client proxy doesSSL_read 



Client proxy does SSL_Whte 



Regular Soctet Accept 
Call SSLJnitializer 




Send da ta throug Filter module 
Client Proxy does SSL_V\Me 



.Client Proxy does SSL_Read 



Send data through filter module 



When SSL is used the 
client proxy code should 
replace every call to recv 
with SSL_read and 
every call.to send with 
SSL_write. 

it should be noted that 
the client proxy must 
pass in the proper SSL 
Struct to each 
SSL_read/write. If they 
are reading or writing 
to/from the browser they 
should pass in the client 
SSL struct. If they are 
reading/writing to/from 
the anonymizer proxy 
they should pass in the 
server S$L struct. 



7 System 
Platform 

This will need to run on all versions of windows the client will be supported on (XP, 2000, 98). 



Languages 



This portion is language independent. 



Reliability / Redundancy / Scalability 
Scalability 

This product only needs to be able to support the maximum number of connections we expect the 
client to initiate (1 machine only). y 

Reliability / Redundancy 

"The Client Proxy server should be very reliable because we cannot have multiple servers 
listening on the same port we cannot have more than one on each client. 



Security 

In order to prevent vulnerabilities in the system the server should do some form of client 
authentication to make sure other applications or even machines are trying to use the client 
server. 



8 Product Integration Interface 

This section describes the <product> interface functionality. 

Overview 

This section gives an overview of the interface components. 
API Integration 

int SSL_lnitialize(SSL 'client, SSL 'server, int browser_sock_descriptor char 
*destination_domain_name) 

This will be the function to call before handling an SSL connection. It will create 
the SSL_CTX and SSL structures for you and negotiate the SSL handshakes 
with the browser and the Anonymizer proxy. 

Parameters: 

• client - [out] SSL structure for communications between the browser and 
the client proxy. 

• server - [out] SSL structure for communications between the client proxy 
and the anonymizer proxy. 

• browser_sock_descriptor - [in] Socket descriptor used to associate the 
socket with the SSL connection. 

• destination_domain_name - [in] Name of the destination the browser was 
attempting to connect to used to provide the proper site certificate to the 



browser. 



Return value - 1 on success, negative error code on failure. 
Int SSL_write (SSL *info, const void *buff, int len) 

This is the OpenSSL function to call when you would like to write data to the 
browser (client), or server (anonymizer proxy) over the SSL connection 
established by SSLJnitialize. 

Parameters: 

• client - [in] SSL structure used for communication (ex client or server from 
SSLJnitialize). 



buff - [in] data buffer to write to the client. 

len - [in] number of bytes to write from the buffer. 



Return value - the number of bytes written. 0 if it was unsuccessful or less than 0 
if there is an error code. 

Int SSL_read(SSL *client, const void *buff, int len) 

This is the OpenSSL function to call when you would like to read data from the 
browser (client) or server(anonymizer proxy) over the SSL connection 
established by SSLJnitialize. It should be noted that since SSL data is sent in 
records and buffered this call may not return the maximum number of bytes and 
may need to be called repeatedly to receive all the data from the server. 

Parameters: 

• client - [in] SSL structure used for communication^ client or server from 
SSLJnitialize). 

• buff - [in] data buffer to populate. 

• len - [in] max number of bytes to read into the buffer. 

Return value - the number of bytes written, 0 if it was unsuccessful or less than 0 
if there is an error code. 

int filter_buffer(void **buff, DWORD bitmask) 

This is the function that will take the data received and run it through the filterqate 
filters in some fashion. 



Parameters: 

• buff - [in/out] data buffer to filter. 

• bitmask - [in] bitmask of the filters to run. 



3 rd Party Data mapping 



Common Components 
Overview 

The common components are those components that can be used by multiple systems They 
represent those infrastructure components necessary to transmit a message from one queue 
(either client or server side) to another queue. 

Component 1 



Error Handling I Logging 

Error handling and logging are an important part to any system. 

Error Handling 

The SSL Server should behave similarly to any production web server with respect to how it 
handles its errors. 
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6. 



Introduction 




Code Name 




lis project has been given the code name "AnonPro". This will not be the final name that 



This project builds on the features and functions of previous projects: Anonymizer 2 0 which 
uses the Proxy server, located at Anonymizer. Some components in the proxy server may 
need to be modified and at this point it is not known what the scope is. 

It is important to note that the AnonPro 1.0 project will NOT be phasing out 
the Anonymizer 2.0 product - but rather will leverage the proxy server 
infrastructure as well as some of the existing functionality to work. AnonPro 
and Anonymizer 2.0 will work in parallel - independently of each other's 
product set. The Toolbar and Navbar will continue to be supported by 
Anonymizer. Nevertheless, if the user installs the AnonPro client, any 
previously installed Anonymizer toolbars will be uninstalled. 



8. AnonPro Project Details 

This project consists of many modules that have been split up to 
accommodate the areas of expertise and timeline. This document covers 
only the AnonPro Client portion of the project. There are 3 other components 
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Objective 




7. 



Scope 



7.1. Product Overview 



that are not described in the document: 

1. AnonPro SSL-Server 

2. AnonPro Web-Server 

3. AnonPro Server-Proxy 

In addition, the AnonWasher project is running in parallel - but isn't really dependent on any of 
the components of this project. y 



8.1. Project Team and Responsibilities 

This project is split into major components and assigned to the following teams- 



Dev. Management 
AnonPro GUI Design 
AnonPro Client 
AnonPro Communication 
AnonPro Web Server 
AnonPro Proxy 
AnonWasher 
SSL-Server 



- James / Director of Engineering 

- Robert / Marketing Manager 

- Steve Walsh (Outsource) 

- Steve Walsh (Outsource) 

- Gene / Web-Server Engineer 

- Darya / Proxy Engineer 

- Azi / AnonWasher Engineer 

- Darya / Proxy Engineer 




Startup Wizard 
-Steve2(gui) 10 
backend 



Startup module 
Steve 6 



Logon/Auth - 
Steve 7 



Renew/Upgrade 
-Steve 8 



TCP Hook- 
Steve 4 



Client Update 
Steve 9 



Client Proxy 
Steve 5 



Recently Visited 
Sites - Steve 3 



GUI - Steve 
1 



Server proxy 



8.2. Deliverables 

The deliverables are identified as follows and correspond to the module 
sections as described in this document: 

• 1 st deliverable: gui, startup wizard gui 

• 2 nd deliverable: top hook, client proxy, recently visited sites 
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• 3 rd deliverable: 



startup module, logn/auth, renew/upgrade, client update, startup wizard 
backend (needs a login to the web-server). 



8.3. BugTracking 

Buglilta*'" 9 teke P ' aCe USi " 9 l ° fraCk bU9S - St6Ve Wi " require aCcess t0 our 



8.4. QA Drops in between deliverables 

Between the deliverables there will be QA drops that will be necessary to fix bugs that arose 

• KIW* A *^ wi " be scheduled on a e -**— basis (depending on 

9. AnonPro Client Module Architecture 

Architecture and Description of all modules. 

9.1. General Architecture 

The main goal of this system is to shield the user from the various threats presented when 
using the Internet. To achieve this we must embed ourselves in the top layer of the system 
and route the client's data to a transparent proxy running on the client. The client proxy will 
determine what filters to apply based on the users settings and then forward the data to the 
anonymizer proxy to perform additional security measures. As a side note the location of the 
server cert will be known from the registry entry AnonPro Home Directory The client will 
then need to go to AnonPro_Home_Directory\sites where the server cert is located and read 
it in. The server cert will be used to do silent SSL connections with the Web-Server to send 
usernames, passwords etc.... 




9.2. Startup Wizard Module 

When the client is started, it is loaded into the system tray and displayed as an icon. Immediately 
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after that, the client checks to see if the client is being run for the first time (Stored in the registry 
see Initial Execution) if so the client startup wizard (REFERENCE SCREEN SHOT) is invoked 
The wizard will check for an Internet connection (by checking the return value of a socket connect 
or another method if anyone can suggest one) and prompt the user to open one if no such 
connection is found. Next it will prompt the user to enter his/her registration key (26 characters 
hexadecimal with dashes retrieved from cd package or provided when software is downloaded) 
this will be posted to the registry value Account Creation uri with a query string 
"?action=regval&regcode=<registration code>" this will return a xml document 
Account Creation URL return. A return value of 0 means the key is invalid and a message 
should be displayed followed by reprompt for key otherwise the product edition is to be stored in 
the registry ( ProductType ) and the public key for the user will be stored in the registry 
(Anon Pub Key ) and the user will start the account creation process. The wizard will ask the 
user if he/she is new or existing if they are existing they will be prompted for their username and 
password if they are a new user they will be prompted for their desired username, password, 
password confirmation and optional email address. The wizard will verify that the two passwords 
match throwing an error message if they don't then lookup the account creation URL 
(Account Creation URL) and do a https post to it passing in the user info as a query strina if 
renew flag is 0 querystring = " " 

■?action=createacct&renewflag=<renewflag>&reinstallflag=<reinstallflag>&uname=<username>& 
passwd-<password>&email=<email>" where <renewflag> is either 0 for new user or 1 for 
existing and <reinstallflag> is 0 for unused registration key and 1 for a used registration key This 
post will return an XML document Account Creation URL return . The wizard will then prompt the 
user if he/she would like the system to start when windows starts (or they login) if they choose 
yes we must create the Run when win starts registry entry. We must also prompt for the global 
secunty level(7 settings on the slider) after the user picks one, we must write the corresponding 
bitmask into the Security Level registry entry. We must also prompt for auto update on or off and 
write that into the Auto update registry entry. Next we must prompt to see if we should show the 
pnvacy monitor on startup, this should be stored in the Show floater registry entry. Now we need 
to prompt the user to see if the default state of the system is on or off and store the result in the 
Default state registry entry. Finally we must prompt the user to see if we should run the 
AnonWahser on exit or not and the result must be stored in the Wash on Pro Quit registry entry 
If no error is returned the wizard must set the Initial Execution flag to false 
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9.3. Startup Module 



This module handles the flow of the client when it starts. First it will call the 
universal site key module then it will check the Auto login registry setting to see 
if it should prompt for the username and password. If Auto_Login is enabled the 
Anon Uname and Anon Password will be passed to the Login/Authentication 
Module. If Auto_Login is not enabled then we must use the Anon Pub Kev to 
encrypt the username and password that the user entered and pass those values 
to the Login/Authentication Module. If the return value of the module is not 
success then we need to throw an error message and reprompt for the username 
and password. We must check the Wash on Pro Quit registry entry if its 1 we 
need to set a atexit handler that will call the AnonWasher executable with the 
command to wash now. The AnonWasher Executable will be located at 
AnonWasher _Home and the parameter to pass in to invoke wash will be given. 
Otherwise we have success and we can read the registry into our cache. 
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Program 
Starts 




Read 
Anon_Uname and 
Anon^pass from 
registry 



f Pass values to v 
^\ Login/Authentication 
Module 




Jrom registry^ 




wash_on_pro_quit 
tnje 



Set atexft 
handler that 
invokes the 
anortwasher 
located at 
iinonwasherhOme 
instructing it jt 



If ProductType is Pop-up-shield activate pop up blocking 
functionality only. If ProductType is cookie-shield then 
activate 3rd party cookie and wet? bug functionality. If 

privacy-monitor activate nothing. If personal-web^ hie Id 
activate everything 



ProductType 
comparison should 
not be case 
sensitive. 




The Registry Data will be stored 
using one or more instances of 
the CReg Cache class We will 
need to modify this class to suit 
our. needs slightly. Encrypted 
Registry entries should be 
stored decrypted in the cache. 



f Read Registry \ 
A into Cache Jj 




End Start up 



Please note: Despite the diagram above - for this project, there will not be editions of AnonPro 
that will change the behavior or screens of AnonPro client. This functionality will be included in 
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later releases of AnonPro. 



9.4. Login/Authentication Module 

This module will be called whenever a client process (i.e Client Proxy or the SSL 
server, etc... ) wants to login to the anonymizer service and receive an APAuth 
cookie to proceed. If auto looin is on the calling process should pass 
Anon Uname and Anon Password in as the parameters. If the autojogin is not 
set the calling process must prompt the user for the user name and password 
and then encrypt them using Anon Pub Kev these will then be passed in as 
parameters. The module when called will do a silent HTTPS post to Login URL 
with querystring "?uname=<username> & passwd=<password>" The output of 
this post will be xml in this form: 
<root> 

<status>invalid| I expired | I inactive | I active</status> 
</root> 

If successful APAuth and APMeta-Auth will be set and we should parse out the 
<tos> value from the APAuth cookie. This value will be stored in the ProductTvpe 
registry entry. If not successful we will check to see if the user is expired if so call 
the update/renew module. If there is any other error it will be returned to the 
calling process, which will be responsible for re-prompting the user for his/her 
info. 
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Final Slate, 
Return auth- 
cooKie 



9.S. Renew /Upgrade Module 

This module will need to be called whenever we want to prompt the user to 
upgrade or renew their product. When invoked it will open the default browser 
with the Signup URL that we have stored in the registry posting the following 
query string "?uname=<encrypted username>". From here the user will select 
the edition he/she wants to renew or upgrade and enter his/her info. Upon 
successful completion it will prompt the user to restart the client. 
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Module 
triggered 




Open Default 
Browser with 
signup^url 
from registry^ 




Post to 
signup_url 
with una me 

in query 



User selects 

desired 
edition and 
enters credit 
card info 



Authorize 
transaction 




f Prompt User"\ 
( to restart )i 
V pro gram jff 



Final State 



9.6. TCP Hook module 

This module is responsible for hooking all the necessary tcp layer calls and 
redirecting the data to the client proxy module. When the browser tries to 
connect a socket the TCP Hook module will intercept the call and examine the 
port number. If it is 80 it will redirect the socket to localhost with the port set to 
the registry value (http port). If it is port 443 it will redirect the socket to localhost 
with the port set to the registry value ( https port V If it is any other port it will 
redirect to localhost with port 8080. 
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Browser 
Requests 
Web resource 




Processed by 
LocalHost 
server 



9.7. Client Update Module 

When the client update module is called it will make a silent http post to the 
Update URL. This script will return any new list versions and a bin_notice with a 
bin_url based off the information in the AnonPro cookie. If Auto update promp t 
is set to 1 then we must pop up a dialog to see if we should update the lists. If 
they answer yes we proceed if they answer no we do no update. Before writing 
each list into the registry we must read TrustedList . ProtectedList BlockedList 
and ServerList from the registry and check for modifications or deletions by the 
user. If the user has done either of these then their changes should persist. If we 
have parsed out a binjiotice and binjjrl then we must pop up a dialog informing 
the user of the binary update and asking them if they would like to download it. If 
they choose ok we must open the default browser and navigate to that url. 
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Final State 



9.8. Client Proxy Module 

This module is to be run as a windows service separate from the client. When the 
client proxy module starts up it must read the TrustedList . ProtectedList and the 
BlockedList from the registry in order to populate our per site preferences cache. 
This cache will be a hash table with the hash value being a hash of the top level 
domain and the value being the DWORD bitmask containing the preferences. 
These lists will be stored in xml format so they will need to be parsed. 
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9.8.1. Universal site key module 



This module will be invoked once on startup to generate a new universal site key 
to use for the current session. This key will be used to forge the identity of all ssl 
servers the client tries to connect to. It will be invoked as a low priority thread to 
run in the background and generate the key. Once the process is finished it will 
swap the new key for the current one and exit. To generate this key pair we will 
use the OpenSSL functions to create the RSA key pair. Once generated this key 
pair is it will be stored encrypted using the SHA-1 hash of the username and 
password in AnonPro Ho me DirectonA sites We will also need to write a function 
to generate the site certificates when we need them. This will just take the 
domain name as a parameter that will be inserted into the cert template and then 
signed by the secret key generated above. 



9.8.2. SSL module 

This module is responsible for the handling of all data passed through on a 
secure connection. This is outside the scope of this document and will be 
discussed in a seperate specification. 



9.8.3. Non-SSL Module 

This module is responsible for the handling of all data passed through that is not 
on a secure connection. Its primary responsibility will be adding and removing 
headers as well as streaming the data through the filter module and the 
anonymizer proxy. During the processing of the request this module will need to 
prune the url down to its top level domain and enter it into the recently visited 
sites cache ( Recently visited sites) it will also need to run the top level domain 
through the per-site settings cache to see if there is a match. If there is we will 
apply those security settings to this request if there isn't we will use the global 



Initial 
Slate 





® 



Final State 
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settings ( Security Level ) . Once we have applied all of our security filters we will 
forward the request to the anonymizer proxy. When we receive the response 
from the anonymizer proxy we will do a second pass on our filters applying those 
that are relevant to incoming requests. Finally we will return the requested web 
resource to the browser. 
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9.8.4. Filtering Module 

This is the module responsible for filtering the content requested by the user If 
will remove items such as ads, popups etc... (Refer to the requirements features 
matrix ). This functionality is already implemented in the filtergate code. It will 
either be moved to and called by the client proxy or it will be called through 
filtergate via the shared memory interface. One thing to note is that we will now 
be collecting stats on how many threats we have blocked. We will need to update 
the PaqesBlocked, ActveContentBlcked AdsBlocked and PopupsBlocked to 
reflect what we have done. This can be updated either on a per item (meaning 
every time something is blocked you update the count) or on a per page basis 
(meaning you keep counts for every page and update the counts after the page 
is finished loading). If while filtering we encounter a request that is on the blocked 
list we must redirect to Never List Redirect URL if it is a url or redirect to 
Never List Redirect Imagfi if it is a request for an image. If OS hiding is active 
we must replace the OS in the headers with OS Hiding Name Similarly if 
referrer hiding is active we must replace the referrer header with 
Referring Hiding Name . 



9.8.5. Per Request preferences 

Client has to pass the following settings to the Proxy for each web-page request 

- IP-Hiding (proxy) 

- SSL Fulltime (proxy) 

- Active X Filter (finjan) 

- Java Filter (finjan) 

- JS filter (proxy) 

- VB filter (finjan) 

- Safe cookies 



The client is to send an HTTP header with each web request that will contain a bit-mask 
specifying what security options will be applied by the proxy on the returned web-paqe that the 
use has requested. 

Structure: 

To check if the nth bit is turned off, 

If (2 A n &bitmask==0) 

// this means that it is turned off 

{ 

blah blah; 

} 
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9.8.6. Dependency Matrix 



•MEL: 


PR 

0 


o 


0 












1 BCi, 


\AxB 


: JB; ; 






riBte; 






$3 












0 


0 
























OSHj 














0 






















MC 
















0 


















0 


BC 






0 












0 


















AxB; . 




















0 














X 
























0 












X 


























0 










X 


?BTBT'i 
5Bm • 


























0 


0 








JPH. 






























0 


0 






Leqer 


id ot/ 


tobre 


viatior 


s in a 


Dove t£ 


ihle 


0 




X 


X 


X 






0 




0 



! P e P endent < if on °P tion is selected, the other will have to automatically be activated as well) 
- hnth cannot be selected and therefore the AnonPro Client needs to deselect the other option. 

= PopUp Blocking 
= Ad Blocking 
= 3rd Party cookies 
= Web Bugs 
= Referrer Hiding 
= Page Title Hiding 
= OS Hiding 

= Modified Cookies (also called filter cookies) 1 
= Block Cookies 
= Active X Blocking 
= Java Block 
= Java Script Block 
= Blinking Text Block 
= Background Music Block 
= IP Hiding 
= SSL Fulltime 

= Filtering of Java, JavaScript, VBScript and ActiveX.(*) 



PB 
AB 
3P 
WB 
RH 
PTH 
OSH 
MC 
BC 
AxB 
JB 
JSB 
BTB 
BMB 
IPH 
SSL 
F 



Browser begins streaming 

- SSL ■ 

o If SSL (if the connection coming in is an ssl connection> 

- Redirect to proxy 

o IP hiding 

o URL encryption 

o Ssl 
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- Rewrite headers 

o OS hiding (already done by FilterGate) 
o Referrer hiding (already done by FilterGate) 

nrnv! X !m^ UR . L en ^ ptior !' the the P ub,lc ke V is by anonpro client in a cookie. The 
U P th,s cookie - (Currently the toolbar does it this way - but not with an XML 

Note: Proxy Changes will be needed to support XML cookie structure. 

9.8.7. Preferences 
Trusted List / Protected List 

- check "Blocked" list, then check "protected" list, then check "trusted" list 

- if URL is listed in the "blocked" list 

o if it is the HTML mail page - popup a warning 

o if it is just an image, replace the image with an "anonpro" image 

- If the URL is listed in the "protected" list 

o Check the "per site" preferences 

o If no "per site" preferences, then use what the current preferences are. 



9.8.8. Java Script cookies 

hi i this release we will keep the current Java script cookie functionality that resides in the proxy 
StoSj 8 reIe3Se ° f the AnonPr ° C,ientl we wi " include java script co ° kie 

9.8.9. Modified Cookies 

If this is on we will set all of the cookies to session only. We will override the javascript setcookie 
functionality to set its cookies as session only as well. 
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9.9. Recently Visited Sites 




requests page 




Whenever a request 
is made for a web 
page the address is 
placed inside our 
cache. At some 
point a thread will, 
be xheduled to go 
through the cache 
pruning addresses 
down to their top 
level domains, 
removing duplicate 
.entries and placing 
any new domains 
into the recent hash 
map. 




store ad dress in local cache 

pass request for page 



6^ 



return page 



schedule purge of cache to recent list 



Note to developer, 
how do you plan 
on prunning top 
level domains 
You have us .gov 
etc... 



Whenever a request is made for a web page the address is placed inside our 
cache, we will need to schedule a thread that will run somewhat frequently to go 
through the cache using our url pruning algorithm to strip down to top level 
domains removing duplicate entries and placing any new domains into the recent 
hash map. 
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9.10. GUI 

The aim of our user interface is to allow the user to easily navigate through the control settings for 

If ^ u u, Client The ,nterface should ** sim P' e and easy to use. In addition the GUI 
should be able to meet the current demands and able to evolve to meet future challenges 



9.10.1. Start Wizard 



9.10.1.1. Welcome 



When the clien is started, it is loaded into the system tray and displays as an icon. Immediately 
atter that, the client checks to see if it is being run for the first time ("Is initial run?") by reading the 
regis ry setting (Initial Execution). Please see section "3.2. Startup Wfrard Mod,.!*- for details of 



Anonym ker Privacy Manager Startup Wizard • S- • - : r v - s fc^j|j& 



m 




••■ .v. 



WELCOME TO Tgjt^N^fflZER PRO 



SETUP WIZAR^ 




::^~rQ ,-; v " v 




The registry setting is used to indicate if the wizard needs to run or has already run During client 
installation, this needs to be set to 0 by the installer. After "startup wizard" is run, the client has to 
change this flag to "1". 
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9.10.1.2. Us rTyp setup 
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9.10.1.3. New User Registration 
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9.10.1.4. Existing User Registration 
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9.10.1.5. Set Essential Program Defaults 



Anonymizer Privacy Manager Startup Wizard ' 



IllSS Srrp * SETES&IA^QGRAM DEFAULTS! 



*t u° U , nave ^^""V e|pe«J. your^flim! You're almost ready to P 
.SliiqPpS S!f^TT" Cin9 , C °f^^P rivacy - ^s^etsome of your program!!? 
-^kfe. faults ^tbest-fite^o^rexperi^tfifeintemet ' 



You're ready to 



NOTE: Anoaymtea, ,«eoniif^p lw ^^um^MMtt aattlng. halo*. vb« M% 
|i always thins* lte«p3jg^^M*^g^g£ <•"* - °" "fI,M 
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9.10.1.6. Success 




9.10.2, System Tray 

The AnonPro client installs into the system tray within windows. The Sys.Tray Icon is that of the 
Anonymizer logo (a blue shield with an "A" in the middle). By hovering over the blue shield with 
the mouse and right or left-mouse-click, a menu will display. 

The menu contains the following items: 

- Open Control Panel 

- On/Off toggle 

- Per Site-Settings 

- About AnonPro 

- Exit 

Below is an example of the system tray with opened menu list. The menu items in the example 
below are different than the actual requirements as listed above. The menu items from the list 
above are accurate and override those shown in the screenshot below. 

Right mouse pulls up menu. Left mouse pulls up control panel. 
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9.10.2.1. Default Screen 

The first screen that is display when the user clicks on the AnonPro icon in the sys tray or selects 
Open Anonymizer Pro" is the "Global Settings" screen. 

9.10.3. Bitmap images 

Below are a list of the various images that are needed for the GUI. 

In order to be consistant with our Control panel button colors, we have the icons change colors 
depending on state of application: 

ON = Green Anonymizer IconV (this icon shows blue - but change this to green) 
Off = Red Anonymizer Icon V 

M 

32x32 Icon = V 

16x16 image for trash = IH 
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Slider Background = 



9.10.4. Non-Categorized Screens 

1 . All mlscelaneous pop-up boxes (such as "enter user-id and password" popup) will carry 
over the same look and feels as that of the of the control panels (buttons, colore, text). 
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9.10.5. Static Areas of Control Panel 

The control panel is split up into 2 "frames". The frame on the left is a "static area" which does 
not change between the various screens of the control panel. The frame on the riqht is the 
dynamic area of the control panel and will show different values and functionality for each screen 



Toial Application Width c m Pixels 



Ufl Panel jRmttionsO 
Widih* 1« Pixels 



Static area 



Dynamic content area 




Top Rnu? Kelghr = 77 Pixel* 



Content Row Heigh! » $08 Pi: 



9.10.5.1. Static Button attributes 

"On" button - if selected - turns green. If not selected - turns gray. If mouse hover - text in 
button turns yellow. If pressed down, the button will turn a darker color of the color it currently is 

23 - f *\u ^5?^ 9re€ T' 9ray ~ tUrns dark 9 ra V)* Please see "Appendix C: Color RGB 
matrix" for the RGB values of the listed colors. isd-ase 
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"Off" button - if selected - turns red. If not selected - turns gray. If mouse hover - text in 
button turns yellow. If pressed down, the button will turn a darker color of the color it currently is 



2 i?~ y Mon ' tor - ' f s ^ 1 ected - turns green and brings the privacy monitor to the front (if the 
pnvacy monitor is already activated, then it is brought to front). If not selected - turns oral " if 

nS,5ic1L"n teXt tums y ell °*- I! P ressed d °™. «» button will turn a darker color of the color it 
currently is (e.g. green - turns dark green, gray - turns dark gray) Please see "Annendiy r 
Color RGB matrix " for the RGB values of the listed colors. Appendix C. 

hnftom e S priva ^ r m ° nitor " a sma " wind °w displays (separate to the control panel), at the 
bottom-right corner of Windows, statistics on the privacy functions that are working (as selected 
by the user in the "privacy settings" control panel). For example the "privacy montor" would 
display the pnvacy values for a given page with count statistics. 

If the "docking" option in preferences screen (see " Preferences " section) is selected then the 
privacy monitor screen is placed at the bottom right corner of the windows desktop. 

Note the picture of the "privacy monitor" below shows a window pane with a title frame The final 
pnvacy monitor" should not have a title frame, but should just have a thin frame. If the use wants 
to move the window, then he/she can click anywhere on the window and drag it with the mouse 
Also, there is no mm/max or close bottons as shown in the example below since this is a title- 

I6SS WlnuOW. 

Paid Privacy Monitor 

The privacy monitor GUI has been modified to a much simplier design. Please see below for the 
nsw vjUI CjGSIQ n. 



THREATS DETECTED: 347 THREATS ELIMINATED: 289 



Free Privacy Monitor 

Also, one edition is possible. This is if the user buys the "Privacy Monitor Only" edition (which will 
hkely be a freeware product. It's purpose is to scare the user into seeing how much is actually 
being sent to their computer that might breach their confidenciality. 

The AnonPro client will not actually filter or block anything (e.g. all functionality is turned off) The 
^^Jg^L'g.? 6 ?.".?^ 1 -'^ 11 I ^jglregdonjylmode_and all GUI checkboxes will be inactivated 




SIGN-UP NOW 

fOR PRIVACY PROTECTION! 



Wash Now- if selected - turns green for 5 seconds (to simulate washing). If not selected - 
turns gray. If mouse hover - text turns yellow. If pressed down, the button will turn a darker 

-A?n?l r C< ? r , 14 ool ntly " ( f , 9 ' 9reen " turns dark 9 reen ' 9ray - turns dark gray). Please see 
Appendix C: Color RGB matrix" for the R^R >«■■■. «~ C p |orc a yi 
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lold «nt2 f "!? ?" °S "Si ^ onWasher aPP'^tion (not part of the AnonPro Client and 
sok I separately . The AnonPro Client will know where the executable of the AnonWasher bv 
reading the registry setting: °AnonWasher Hnmp» nnonvvasner Dy 

ta&T if .f S o e » Cte ? ~ tu [ ns .9reen and pops up a separate "Help" window (see section 4 4 7 
below). If not selected- turns light gray (as shown above). If pressed down the button will turn 
a darker color of the color it currently is (e.g. green - turns dark green. graT- urns gray) 

beZt "if SSCif'T 9re f P °f S UP 8 S?Parate " Ab0Ut " Wind0w < see section 4 4 -8- 
below). If not selected - turns light gray as shown above). If mouse hover - text turns vellow 

If pressed down, the button will turn a darker color of the color it currently Z (e g gS - turns 
JKSX' ' 9ray) ReaSe 566 " APP6ndiXC: C ° l0r RGR MB values of 

Options - There are 4 items in the options section in a list box and are detailed in the following 

- global privacy level 

- per site privacy level 

- privacy statistics 

- preferences 

Upon selecting any of these items, the selected list item turns gray with white text. 

Dialog Size - All control panel window sizes are fixed (and not sizable) The Size of the control 

££££ ? 6 d ? err T ed UP ° n aeating the actual GUl to ensure ■»« noS * n 
displaying all functionality caused in displaying the control panel window. 

W/«Anfeeflfex - Pressing the minimize puts the window in the task bar of windows Prefixing "X" 
£e S w^ 
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9.10.6- Dimensions 



Total Application Widlh « 660 Pixels 




Pixeh 



W««h*4*>Pwalj 
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9.10.7. Preferences 



Al'smajr type should be: 
tthoma 
10 Points 



f AnonymJ?er Pro 




Tba In 'Options- tot ft: 
Hihoma 
10 Pomes 



Please note. The diagram above shows the Logon as different user as a menu item. But actually 
Si J? a b0 * ,n lt \ e "Preferences" section. It is not logically possible to be able to switch 
users AnonPro settings from this screen and therefore might confuse the users. Rather "Logon" 
as different user should be to allow the user to logon using a different user-id/pw to logon to the 
Anonymjzer web-site^ If the user wants to load different AnonPro Client settings, then he/she will 
need to logout of windows and relogin as a different user. The HK Current User registry handles 
this in the matter consistent w/th typical windows applications. 

9.10.7.1. Launch AnonPro once windows starts. 

HiiHf c P K 6f u 6n . C !f Se , ,tingS G y ' ,he user has ,he ^""y of specifying whether the AnonPro 
client should start automatically when windows start - or not. If the user selects this option the 
registry setting <HKCU> Run_when_win_starts" will be set to "1" (on). Upon AnonPro client 
startup, it will read this registry setting to determine if anonpro should be started and will do so 
accordingly. 
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9.10.7.2. Automatically log-in to AnonPro 

In the preferences settings GUI, the user can select whether AnonPro logs the user in and 
authenticates the user with the Anonymizer Web-Server. If "remember me" is selected by the 
user, the AnonPro client will read this setting from the registry (<HKCU> Autojogin) upon startup 
and automatically log the user in using the registry values stored in (<HKCU> Anon_Uname and 
<HKCU> Anon_Password) and logon to the Anonymizer Web-Site using these values in order to 
authenticate the user with the anonymizer. If the user has selected "remember me" but did not 
supply (and store) a user-name and password, a dialog box will appear which prompts the user to 
enter their user-name and password (with the option to store these values permanently) In 
which the preferences screen above should also have a button to the right of this option "user- 
name and password" that allows the user to pull up the same dialog box. But this is not shown in 
the screenshot above. This needs to be added to the screenshot and included in the next version 
of this document. 

9.10.7.3. Display Privacy Monitor once AnonPro starts up 

In the preferences settings GUI, the user can select whether AnonPro Privacy monitor 
automatically is displayed once the client starts up. 

In addition, the user can indicate if the privacy monitor always be on top or not. 

9.10.7.4. Auto-Update 

In the preferences settings GUI, the user can select whether he/she will be notified of an auto- 
update of lists and binaries. During Authorization, the Web-Server will check to see if any new 
files are available for uploading to the client. If so, these files will be uploaded to the client 
NOTE: This only happens if the user has selected this option as ON 
Registry entry: <HKCU> Auto_Update 



9.10. 7.5. Prompt me before updating 

In the preferences settings GUI, the user can select whether he/she will be prompted each time 
for new lists before they are automatically inserted. If this option is checked, each time 
Registry entry: <HKCU> Auto_Update_Prompt 



9.10.7.6. Wash System before quiting AnonPro 

In the preferences settings GUI, the user has the capability to specify whether the AnonWasher 
should "wash" when the client is quit. Important note: If the client is turned off - then the wash is 
not performed. It is only if the client is quit. IMPORTANT: check if the client can catch a signal 
from windows when it is shutting down. Registry Entry: <HKCU> Wash_on_pro_quit 

9.10.7.7. Don't save recently saved site URL's 

In the preferences settings GUI, the user has the capability to specify whether the resently visite 
URL's are actually shown in the list box in the GUI "Per Site Preference Settings" (see section 
3.10.7). If the user selects to turn this off, then the recently visited sites are not stored in the list 
box and this list box is left empty and never logs any recently visited sites. 
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9.10.7.8. Always ask to confirm changes to settings 

Everytime they leave a screen or leave the program and have made chagnes, a dialog box pods 
up asking if they want to save changes. M 



9.10.7.9. Enable sounds 

If selected, the sounds AnonPro sound effects are turned on. If selected, each time a cookie i 
up, etc is filtered or blocked, a sound effect is played, (sound effect to be determined for each 
type of block or filter). 



9. 10. 7. 10. Washer Preferences 

This button will pull up the AnonWasher configuration screen. AnonPro will check the registry 
setting of "AnonWasher_Home" and then call the AnonWasher from the directory which is stored 
in this setting. 

If selected - turns green and pops up a separate "AnonWasher Preferences" window (the 
AnonWasher is a separate application that the client calls using the AnonWasher_Home registry 
setting to determine where to find the AnonWasher application). If not selected - turns gray (as 
shown above). If mouse hover - text turns yellow. If pressed down, the button will turn a darker 
color of the color it currently is (e.g. green - turns dark green, gray - turns dark gray) 



Side Note: This AnonWasher_Home registry key has to be set by the AnonWasher installer If 
not, then the AnonPro Installer will set this key instead. If the AnonWasher is already installed 
when the AnonPro Client is getting installed, then the AnonPro Client is NOT to override this 
value. This is the location of the anonwasher which the "config washer button points to and the 
"wash now" button points to. 

There is no option in the GUI to allow where the washer resides. By default, the Washer will 
reside in "c:\program files\anonymizer\anonwasher°. 
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9.10.8. Global Privacy Level 



Changes per level 



Anonymizer Pro 



mm 




. , fcxl foi Global Privacy Level splash scrw 
Tatoma 
12 Points 



-I. 

■ it , 
# r 

'iff 



Global Privacy le*el 
Per Ste Privacy levels 
Privacy Statistics 
Prctc-ences 




Please note: the threat-slider above doesn't show "blocked" - but should. If "blocked" is selected 
as the global setting then all sites are blocked except for those that are in the per-site settings. 

9.10.8.1. Slider 

The slider in the global privacy level allows the user to easily change from the following levels: 

- Trusted - (the User selected URL does not require to go through our proxy) 

- Low - (Protected Mode: goes through our proxy and a minimum amount of settings) 

- Medium - (Protected Mode: goes through our proxy and a moderate amount of settings) 

- High - (Protected Mode: goes through our proxy and a high amount of settings) 

- Maximum ■ (Protected Mode: goes through our proxy and ALL settings) 

- Custom - (Custom: gives the user the capability to select their own specific settings) 
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SSL 0 ! the ?° Ve !'^ er Wi " ""W" to a pre-defined set of privacy settings These 

settings as shown below as follows (needed): y "* 

9.70.8.2. Show Details 

This will hide the explanation text and image area and replace this with details of the setfinqs and 
checkboxes for each setting to turn on or off. Please see image below. 9 

If selected - turns dark gray and replace the details to the right with an image The button then 
changes text to "Show details". If "show details" is selected - turns light gra an TmSSZ he 
.mage to the right with the details for that screen. If mouse hover - text turns yellow* 
down, the button will turn a darker color of the color it currently is (e.g. gray - turns dark gray) 




9.1 0.8.3. Hide Details 

This will hide the check boxes with the details of the settings and replace this area with an image 
As of this current version of this document, we did not have the images ready The size of the ' 
screen stays the same. 

If selected - turns dark gray and replace the details to the right with an image. The button then 
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changes text to "Show details". If "show details" is selected - turns light gray and replaces the 
image to the right with the details for that screen. If mouse hover - text turns yellow If oresse 
down, the button will turn a darker color of the color it currently is (e g gray - turns dark gray) 



9.10.8.4. Custom Settings 

If the user moves the slider up to the "custom" area at the top of the slider, the custom settinqs for 
all functionality will be displayed with checkboxes to allow the user to either activate or deactivate 
each setting. The image below demonstrates how this screen will look. 

Once the user changes any of the settings, these settings will be stored in the registry 
permanently. There is no need (or capability) for the user to save these custom settings. 



V Anonymteer Pro 



Wnonymizev 
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9.10.8.5. Matrix of different settings 



is 

* v. ' , . .25* . .3^L^4? » «: ^. 


■ ' i p% * 

fM'r^j: :■ 

■ c -i ; .i 




.''IqwV-. 


^medium^ 

.i. ; 

:■ 




Mmaximumi 




Popup Blocking 


Client 




X 


X 


x 


Y 
A 


Optional 


Ad Blocking 


Client 




X 


X 


x 


x 

/A 


L/piionai 


3rd Party Cookies 


Client 




X 


X 


x 


x 




Web Bugs 


Client 




X 


X 


X 


x 


VjpiiUf Idl 


IP Hiding 


Proxy 






X 


x 


x 


vjpuonai 


Referer Hiding 


Client 






X 


x 


x 


vjpuonai 


Page Title hiding 


Client 






X 


x 


x 


vjptionai 


Modify Cookies ~~ 


Proxy 






X 


x 


x 


upiionai 


OS Hiding 


Client 








x 


x 


upiionai 


SSLfulltime 


Proxy 








x 


x 


upuonai 


JavaScript Filtering 


Proxy 








X 


X 


Optional 


Active X Filtering 


Proxy 








X 


X 


Optional 


Java Filtering 


Proxy 








X 


X 


Optional 


VB Script Filtering 


Proxy 








X 


X 


Optional 


Active X Blocking 


Client 










X 


Optional 


Block Cookies 


Client 










X 


Optional 


Java Blocking 


Client 










X 


Optional 


Java Script Blocking 


Client 










X 


Optional 


Blinking Text Block 


Client 












Optional 


Background Music 


Client 












Optional 



ft 10.8.6. Privacy and Security 

9.10.8.6.1. Referrer Hiding 

Will suppress the referrer information that is passed in HTTP protocol. If this option is selected 
the registry value: "Referrer_Hiding_Name" will be replaced for the tag. This value will be set ' 
during installation of the AnonPro Client and will not appear in the GUI. Therefore the use 
doesn t have the capability. 

9.10.8.6.2. OS Hiding 

In the registry, the tag: OS_Hiding_URL - is the name that is replaced when the OS Hiding option 
is turned on ~ 
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9.10.9. Per Site Levels 



Anonymteer Pro 



HiBh/Haximurn text spec: 
Tahoma 
10 Poms 
R2O1/B0/60 




Trusted/low t&a $p 
Tdhorm 
lOPufots 
Rf)/80/GJ02 



Medium text spec; 

JO 

R?S5/02O^/C»O 



Oistom reset spec: 

Tahoma 

10 Prints 

R5l /B 1<X?/G 153 
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If the recent sites box is empty, and the user tries to "Add" , then the nothing 
happens. No error box is displayed - but rather we feel it is intuitive that the user 
realizes that nothing happened because there was nothing that could be selected 
to be added. No pop-up error is displayed. 




For "Add Manually" this is the same case as well. I the use clicks on "Add" but 
hasn't typed anything in the text-box, then nothing will happen. We assume that 
the user will realize that they haven't typed anything in to add. No pop-up error is 
displayed. 

If the user try to add a site that already exists in my-sites, then it acts like it adds 
it, but doesn't actually because that site already exists. No pop-up error is 
displayed. " 
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Per Site Settings 



Anonymlzer Pro 



4 4**^ 




: V Anonymteer Pro : Per Site Privacy levels 




If the user selects from the Threat-Bar the "Custom" level, the "non-selectable" settings are 
changed to "check-box" settings to allow the user to make modifications to the settings. 

If the user selects from the threat-bar the "Block" level, then the "dynamic data" section of the 
screen (the nght hand side) does not display the actual settings (as shown above) but rather 
shows a summary what "blocked" means (corresponds to the "Hide settings" screens) 
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Statistics 




From the screen example above, the arrow indicates, sortable. There are 2 
columns that are sortable - "site" and 'Threat factor" . All other are not 
sortable. 



If the user decides to "set" a sites privacy settings from the "recent sites" list, 
then site is moved to the My Sites section of the screen after the user has 
finished setting. 

The my sites needs to be able to allow them to be "set" as well. Therefore, in the 
"my sites" section we will have a gray button background behind the actual 
current level setting. If the user selects, then it allows for editing of the per-site 
settings and pop up the per-site perf. screen. 

Please note: Still needes is a definition of what the derived 'threat factor' for 
any site. 

E.g.: High, medium or low. We need a matrix to map out. 
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9.10.10. Help 



£r Windows Help 



FllterGafe Contents: 

Introducing fo FiiterGate 
Using FiHerGatg m ftrf lfl^ 

FrQflHemiy^^Megtiqn? 

For the latest version of FilterGate, please visit our web site at: http://FiltBrGalft r ^ m 

FiterOtfe- edFitei «- . popupfiter »\ adul!Fier~ and privacyfffler'" are trademarks ol FiRerCate ltd. Netscape is a registered trademark of Netsrar* 



Upon clicking on the help button a new window will appear with the help contents 
displayed. The help contents are generated using standard Windows help system. The 
above image displays as an example the current way the filtergate application displays 
help. We would keep this method and just substitute the text for AnonPro text. 



Page 63 



9.10.11. About 




10. System 

This section describes the system requirements and components of the AnonPro Client 
Platform 

This section describes the platform that the AnonPro Client needs to run on 

- Windows 98 

- Windows NT 

- Windows 2000 

- Windows XP 



10.1. Languages 
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This section describes any language specifications that are required. 

- English (default and primary language the AnonPro Client runs in) 

- In future versions: Support for Unicode languages (Chinese, Japanese, etc) in future 
reieases of the AnonPro client Not a requirement in this version 



10.2. Error Handling 

An exception class shall be developed that 
help in debugging and troubleshooting. 



developers to create meaningful errors for 



10.3. Logging 

Logging will need to be configurable and displayed to different outputs. The different outputs 
that should be supported are the Operating systems native event logging mechanism the 
console and a file. The different levels of logging will be from 0-5 where 1 is display all 
messages and 5 displaying only critical messages, and 0 = no logging. 



10.4. Reliability / Redundancy 



Security 

make communication as secure as required for the client, the product has two levels of 
d user access security. In the AnonPro Client, there are the following security components: 

1 Application Layer Security 

2 Network Security 

3 Data archival and data classification 



Software Layer Security 

At the heart of security is the need to establish the trust relationship between the users and 
the products servers (Anonymizer Proxy, Anonymizer Web-Server) to grant access privilege 
and subsequent ability to protect the transactions. Various security means are used to assure 
recipients that message comes from a sender whose identity is validated and that its contents 
nave not been tampered with during the transmission. 

- User-I D/Password Authentication 

- SSL 



10.5. Secure Session 

Every product session is fully protected by using encryption technology. We use Secure 
Sockets Layer (SSL), which is widely adopted standard in industry, to encrypt data transmitted 
between a client and the <product> data center. 128-bit RC4 encryption mechanism in SSL is 
used to provide strong encryption. 

For the web access application, you have to have a Web Browser that supports 128-bit SSL. 
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All the most popular Browsers support 128-bit SSL in recent versions. 



10.6. Username and Password 

Username and password is used in authentication, but password is not passed in clear over 
the network even though it is protected by SSL link. Instead, in AnonPro Client, it is hashed, 
and he resulting "digest" is then sent over the network. When it arrives at the server site, 
server checks it to against the saved digest on the server database. 



11. Reference Documents 



Title 



Author 



Date 



AnonPro Functional Spec (this document) 
AnonPro Requirements Doc. 
AnonPro Proxy Support Functional Spec. Doc 
AnonPro SSL-Server Functional Spec. Doc 
AnonPro Web-Server Support Func. Spec. Doc 
AnonWasher Functional Spec. Doc 
AnonPro Test Plan 



James Reynolds 
James Reynolds 
Darya Mazandarany 
Darya Mazandarany 
Gene Nelson 
Azi Sharif 
Azi Sharif 



Draft 3 
Draft 2 
Draft 1 
Draft 1 
Draft 1 
Draft 1 
Draft 1 
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12. Glossary 



Product Acronyms 

Appendix A - Data Structure Definitions 



Preferences Bit Mask 
This is a DWORD bit mask 



bit 


feature 


0 


Pop up blocking 


1 


Ad Blocking 


2 


3rd party cookies 


3 


Web bugs 




4 


Ip hiding 




Referer hiding 


6 


Page title hidinq 


7 


Modify cookies 


8 


Os hiding 


9 


SSL fulitime 


10 


JavaScript Filtering 


11 


Active X Filtering 


12 


Java Filtering 




13 


VB Script Filtering 


14 


Active X Blockinq 


15 


Block Cookies 


16 


Java Blocking 


1/ 


JavaScript Blocking 


18 


Blinking Text Blockinq 


19 


Background music blockinq 


20-30 


RESERVED 


31 


Blocked (new from Steve) 



Please note: Bit 31 is being used as the "blocked" flag. 



APAuth Cookie 

<APAuth> 

<tos>type of service</tos> 
<uname>encrypted user name</uname> 
<expires>unix timestamp for expiration</expires> 
<hash>hash of sec. String + tos + uname + expires + sec 

String</hash> 

</APAuth> 
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Meta-Auth Cookie 

<APMeta-Auth> 

<uname>encrypted user name</uname> 

<uid>user id</uid> 
</APMeta-Auth> 



AnonPro cookie 
Sent with every request. 

<anonpro> 

<hash_reg>hash of the registration key MD5</hash_reg> 
</anonpro> 



Blocked/Trusted/Protected List 

This is the list format that we will use in the registry for these lists 

<list> 

<versionx/version> 

<site> 

<domain></domain> 
<prefs>'</pref s> 
<modified>0 | I K/modif ied> 

<deleted>0 | | 1 notifies us that the user has 
deleted this</deleted> 

<hardcoded>0 | | 1 notifies us that this cannot be 
changed or deleted</hardcoded> 
</site> 
</list> 



Server List 

<list> 

<versionx/version> 
<server> 

<proxy>10 . 10 . 10 . 21</proxy> 
<proxy>10 .10.10. 22</proxy> 
<web>10. 10.10. 16</web> 
<web>10 . 10.10. 17</web> 
</ server> 
</list> 
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Update list 

<list> 

<list_name>list__name</list_name> 
<version>version nbr</version> 
<server> 

<proxy>proxy ip</proxy> 

<web>web ip</web> 
</server> 



<site_list> 
<site> 

<domain>yahoo . com< /domain> 

<hardcoded>0 ( I K/hardcoded> 
<prefs>DWORD decimal with sercurity settings</pref s> 
</site> 

<site> 

same as above 
</site> 

</site_list> 
</list> 



Account_Creation URL return 

<root> 

<regval> 

<keystatus>invalid| |used| I new</keystatus> 
<publickey>public key generated by 
server</publickey> 

<edition>ProductType</edition> 
</regval> 

<createacct> 

<account_status>invalid_uname | | invalid^passwd | | no 
^authorized | | not_availible | | success</createacct> 
<suggestion_list> 

<suggestion>uname suggestion</suggestion> 
</suggestion_list> 
<uname>user name</uname> 

<enc_passwd>encrypted passwd</enc_passwd> 
</createacct> 

<error>invalid__action | | none</error> 
</root> 
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LoginURL return 

<root> 

<status>invalid | | expired | | inactive I | active</status> 
</root> 

note if successful APAuth and APMeta-Auth will be set. 



Appendix B - Registry Settings 



Root Key 
~HKCU 


Registry Name 


Section used 


Valid Values 


DataTyp 
e 


Syntax 


Notes 




Auto update 


Startup/inrt, 
Auth 


0/1 




Binary 


0 » off, 1 = on 
In the preferences settings 
GUI, the user can select 
whether he/she will be 
notified of an auto-update 
of fists and binaries. 
During Authorization, the 
Web-Server will check to 
see if any new files are 
available for uploading to 
the client. If so, these files 
will be uploaded to the 
client. NOTE: This only 
Happens it we user nas 
selected this option as ON. 


HKCU 


Autojogin 


Startup/tnit. 
Auth 


0/1 


Dword 


Binary 


0 = don't remember me, 1 
= remember me 
In the preferences settings 
GUI, the user can select 
whether AnonPro logs the 
user in and authenticates 
the user with the 
Anonymizer Web-Server. 


HKCU 


Autojupdate _pro 
mpt 


Startup/inrt, 
Auth 


0/1 


Dword 


Binary 


0 = off, 1 = on 
In the preferences settings 
GUI, the user can select 
whether he/she will be 
prompted for new lists 
before they are 
automatically inserted. 


HKCU\soft 

ware\Micro 

soft\window 

sVcurrent 

versionVun 


Run when win s 
tarts 


Startup/inrt 


0/1 


string 


Path and 

name of 

the 

client 

executab 

te. 


0=off, 1=on 

In the preferences settings 
GUI, the user has the 
capability of specifying 
whether the AnonPro client 
should start automatically 
when windows start - or 
not. 


HKCU 


Show_floater 


Startup/init, 
GUJ 


0/1 


Dword 


Binary 


0=off, 1=on. 

In the preferences Settings 
GUI, the user has the 
capability to turn on the 
floater. 


HKCU 


Dockjoater 


Startup/init, 
GUI 


0/1 


Dword 


Binary 


0=dock,1=nodock 
In the preferences settings 
GUI, the use has the 
capability to have the 
floater docked at the 
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Root Key 


Registry Name 


Section used 


Valid Values 


D'ataTyp 
e 


Syntax 


Notes 














bottom of the screen of 
windows. 


HKCU 


Default^state 


Startup/init, 
GUI 


0/1 


Dword 


Binary 


0=off, 1=on 

In the preferences settings 
GUI, the user has the 
capability to specify 
whether the client starts in 
"ON" mode or "OFF" mode. 


HKCU 


Wash on Pro Q 
uit 


Startup/init, 
GUI 


0/1 


Dword 


Binary 


0=off, 1=on 

In the preferences settings 
GUI, the user has the 

uajjauniiy iu SpeCliy 

whether the AnonWasher 
should "wash" when the 
client is quit. Important 
note: If the client is turned 
off - then the wash is not 
performed. It is only if the 
client is quit. 

IMPORTANT: check if the 
client can catch a signal 
from windows when it is 
shutting down. Darya 
checked: the name of the 
sys.event is "AT_EXI"T. 


HKLM 


AnonWasher^Ho 
me 


GUI 


Path 


String 


Path 


This key has to be set by 
the AnonWasher installer. \ 
If not the AnonPro Installer 
will set this key instead. If 
the AnonWasher is already 
installed when the 
AnonPro Client is getting 
installed, then the AnonPro 
Client is NOT to override 
this value. This is the 
location of the 
anonwasher, which the 
"confia washer" button 
points to and the "wash 
now" button points to. 
There is no option in the 
GUI to allow where the 
washer resides. By 
default, the Washer will 
reside in "c:\program j 
files\a n onym \ze r\anon was h 
er" j 


~HKLM 


Refemng_Hiding 
_Name 


Streaming 


URL 


String 


URL 


Name that is to be 
replaced as the "referrer" in 
for the referrer_hiding 
option. 


HKLM 


OS_Hiding_Name 


Streaming 


Win98, etc 


String 


Win98, 

Linux, 

etc 


Name that is replaced 
when the OSJHiding 
option is turned on. 


HKLM 


Signup^URL 




URL 


String 






HKLM 


BuyJtowJJRL 


GUI 
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Root Key 


Registry Name 


Sectionnisech 


Valid Values 


:DataTyp 
e 


Syntax ; 


Notes 


HKLM 


LoginJJRL 


Startup/init, 
Auth 


URL 


String 


URL 

syntax 


This is the URL that 
authenticates the use rid 
and password that is either 

ciucicu uy ins user Or 

stored in the registry. 


HKLM 


UpdateJJRL 


Startup/init, 
Auth 


URL 


String 


URL 
syntax 


This isteh URL of where 
all lists are pulled down. 


HKLM 


Account ureaf/o 
nJJRL 


Startup/init 
(Wizard) 


URL 


String 


URL 

oyi iitJA 


After the reg.key has been 
validated (above), the user 
is rerouted to this URL for 
creating a new account. 


HKLM 


Never List Redir 
ect_URL 


Streaming 


URL 


String 


URL 


If the user types in a URL 
that is on the Neverlist, 
then they are redirected to 
this URL 


HKLM 


Never_List_Redir 
ectjmage 


Streaming 


Path/flename 


String 


Path 


If the user loads a web- 
page which has 
images/banners that are 
from a neverjist site, then 
load this image instead of 
the original image. 


HKCU 


Anon_Pub_Key 


Startup/init, 
Auth 


Key 


String 


Key 
format 


Key used to validate all 
data coming from the Anon 
Web-Server. 


HKLM 


AnonPro Home 
Directory 


Startup/init, 
Auth 


Path 


String 


Windows 

valid 

directory 


Directory where AnonPro 
is stored. 


CU 


AnonJJname 


Startup/init, 
Auth 


User name 


String 

(already 

encrypte 

dby 

server) 


Valid 

user 

name 

from 

anon. 


Encrypted user name sent 
back during startup wizard. 


CU 


Anon_Password 


Startup/init, 
Auth 


Password 


String 

(already 

encrypte 

dby 

server) 


Valid 

passwor 

d from 

anon 

web 

server 


Encrypted password sent 
back during startup wizard. 


CU 


Initial^Execution 


Startup/init 


0/1 


Dword 


Binary 


0=not yet run; 1=already 
run. 

Used to indicate if the 
wizard needs to run or has 
already run. During client 
installation, this needs to 
be set to 0 by the installer. 
After the "startup wizard" is 
run, the client has to be 
sure to change this flag to 
1. 


LM 


HelpURL 




URLName 


String 


URL 

valid 
name 




LM 


ServerUst 




IP Addresses 
of our 
proxies 


String 

(encrypte 

d) 


xml 


List of proxy, and web ips 


LM 


http j)ort 


TCP Hook 


0-65000 


Dword 


Dword 
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Root Key 


Registry Name 


Section used 


Valid Values 


DataTyp 
e 


Syntax 


Notes 


LM 


https jport 


TCP Hook 


0-65000 


Dword 


Dword 




CU 


TrustedList 




URL's 


String 

(encrypte 

d) 


xml 




cu 


ProtectedList 




URL's 


String 

(encrypte 

d) 


xml 




CU 


BlockedList 




URL's 


String 

(encrypte 

d) 


xml 




cu 


IFiiters[Key] 






Key 

(check if 

already 

encrypte 

d. If not, 

then 

leave as 

is) 




Filtergate settings as is. 


iMLM 


ProductType 




Popup 

Shield, 

Cookie 

Shield, 

Privacy 

Monitor, 

Personal 

Web Shield 


String 


No 

comma's 
only 
single 
digit 


Note: these settings will 
determine whether certain 
functionality is not 
activated (e.g. grayed out 
and unusable from the 

gui). 


HKLM 
>microsoft 


»current_version 
Chooch_ProdType_Exp 




Date 


String 

(encrypte 

d) 


Date 


This is to prevent users 

frnm roc in eta i linn tri^l 
Hum icbiiiMdiiiriy inai 

versions. 


HKCU 






0-999999 


Dword 




<same> 


HKCU 


ActveContentBIc 
ked 




0-999999 


Dword 




<same> 


HKCU 


AdsBlocked 




0-999999 


Dword 




<same> 


HKCU 


PopupsBlocked 




0-999999 


Dword 




<same> 


HKCU 


Security_Level 




1of7 
bitmasks 


Dword 




This will be the bitmask 
corresponding to the 
security level that was 
selected using the slider. 
These bitmasks will be 
consts. 



Appendix C - Color RGB Matrix 



Page 73 



Color Name 


RGB Value 


Red 


Tbd. 


Green 




Gray 




Yellow 




Dark Red 




Dark Gray 




Blue 




Dark Blue 
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